GNOME Bugzilla – Bug 324209
[CVE-2005-4048] avcodec_default_get_buffer heap overflow
Last modified: 2006-01-13 13:15:47 UTC
Hi, CVE-2005-4048 was brought to my attention. This is a heap overflow in avcodec_default_get_buffer present in gst-ffmpeg 0.8.7. The discovery: http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558 Upstream's commit: http://mplayerhq.hu/pipermail/ffmpeg-cvslog/2005-December/000979.html I'll attach a patch against 0.8.7. Cheers,
Created attachment 56041 [details] [review] fix for CVE-2005-4048 avcodec_default_get_buffer heap overflow
I can't believe this sat for almost a month. Thanks for the patch, Loïc. Committed on both branches.
Andy, speaking for myself only, I can tell you why this patch sat here for so long: because I don't have the slightest idea how/where to apply it. I am not sure whether committing it directly to mirror/ffmpeg/libavcodec is the right way of doing this; it should probably have gone as a patch into the patch directory, no? Besides, we might not actually be affected by this, as we require a minimum size of 16x16 and should bail out before the decoding step because of that, but I haven't actually checked whether we do. Loïc, do you happen to have one of those .pngs at hand by any chance?
Nope.
Hm, well maybe I borked it. Not sure. Since this fix is in upstream I'm not worried about it being overwritten by a future merge with a snapshot. Adding Ronald to CC -- Ronald, what do you think?
I barely care, but for maintainability reasons you would apply it as a quilt patch to the mirror/ffmpeg tree, not in the gst-ffmpeg tree. We always did it like that.
Ronald, any idea at what point the quilt patches are applied? I have got a cvs patch ready for Andy's last commit to the mirror, but I can't figure out when they're applied.
Created attachment 57277 [details] [review] Proper patching using quilt patches. This is what I'm about to apply, but I can't see when it does that.